npm
4,198 tracked vulnerabilities.
CVE-2025-46565
MEDIUM
NUCLEI
Vite <6.3.4, 6.2.7, 6.1.6, 5.4.19, 4.5.14 - Info Disclosure
May 01, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-27611
HIGH
base-x < 3.0.11, 4.0.0, 5.0.0 - Insufficient Visual Distinction of Homoglyphs
Apr 30, 2025
EPSS 0.00
CVE-2025-0716
MEDIUM
AngularJS - Content Spoofing via Improper Sanitization of SVG Image Href Attributes
Apr 29, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-46343
MEDIUM
n8n < 1.90.0 - Authenticated Stored Cross-Site Scripting via Attachments View Endpoint
Apr 29, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-46328
LOW
Snowflake-Connector-NodeJS <2.0.4 - Privilege Escalation
Apr 28, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-46653
LOW
Formidable 2.1.0-3.5.2 - Info Disclosure
Apr 26, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-43865
HIGH
React Router 7.0.0-pre.0-7.5.1 - Insufficient Verification of Data Authenticity via Request Header
Apr 25, 2025
CVSS 8.2
EPSS 0.01
CVE-2025-43864
HIGH
React Router 7.2.0-7.5.1 - Cache Poisoning via Forced SPA Mode Switch
Apr 25, 2025
CVSS 7.5
EPSS 0.24
CVE-2025-32965
CRITICAL
xrpl.js <4.2.1-4.2.4, 2.14.2 - Code Injection
Apr 22, 2025
EPSS 0.01
CVE-2025-32792
HIGH
ses < 1.12.0 - Exposure of Sensitive System Information via Compartment API
Apr 18, 2025
EPSS 0.01
CVE-2025-32442
HIGH
fastify 5.0.0-5.3.0 and 4.29.0 - Content-Type Validation Bypass via Altered Whitespace or Casing
Apr 18, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-3573
MEDIUM
jquery-validation < 1.20.0 - Cross-Site Scripting via showLabel Function
Apr 15, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-32997
MEDIUM
http-proxy-middleware < 2.0.9 and 3.x < 3.0.5 - Request Body Processing After Parser Failure
Apr 15, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-32996
MEDIUM
http-proxy-middleware <2.0.8, <3.0.4 - Info Disclosure
Apr 15, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-32395
MEDIUM
NUCLEI
NPM Vite < 6.2.6 - Information Disclosure
Apr 10, 2025
EPSS 0.02
CVE-2025-32379
MEDIUM
koa < 2.16.1 and < 3.0.0-alpha.5 - Cross-Site Scripting via ctx.redirect()
Apr 09, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-29189
HIGH
Flowise <= 2.2.3 - SQL Injection via tableName Parameter
Apr 09, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-32020
CRITICAL
crud-query-parser < 0.1.0 - SQL Injection via TypeORM Order/Sort Parameter
Apr 08, 2025
EPSS 0.00
CVE-2025-32014
MEDIUM
estree-util-value-to-estree < 3.3.3 - Prototype Pollution via __proto__ Property
Apr 07, 2025
EPSS 0.00
CVE-2025-31476
MEDIUM
Amauri Tarteaucitronjs < 1.20.1 - XSS
Apr 07, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-31475
MEDIUM
Amauri Tarteaucitronjs < 1.20.1 - Prototype Pollution
Apr 07, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-31138
MEDIUM
tarteaucitron.js <1.20.1 - XSS
Apr 07, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-3197
HIGH
expand-object >=0.0.0 - Prototype Pollution via expand() Function
Apr 04, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-3194
HIGH
bigint-buffer - Buffer Overflow in toBigIntLE()
Apr 04, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-3191
MEDIUM
react-draft-wysiwyg - Stored Cross-Site Scripting via Embedded Button
Apr 04, 2025
CVSS 6.1
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters